• At Kemp Little, we are known for our ability to serve the very particular needs of a large but diverse technology client base. Our hands-on industry know-how makes us a good fit with many of the world's biggest technology and digital media businesses, yet means we are equally relevant to companies with a technology bias, in sectors such as professional services, financial services, retail, travel and healthcare.
  • Kemp Little specialises in the technology and digital media sectors and provides a range of legal services that are crucial to fast-moving, innovative businesses.Our blend of sector awareness, technical excellence and responsiveness, means we are regularly ranked as a leading firm by directories such as Legal 500, Chambers and PLC Which Lawyer. Our practice areas cover a wide range of legal issues and advice.
  • Our Commercial Technology team has established itself as one of the strongest in the UK. We are ranked in Legal 500, Chambers & Partners and PLC Which Lawyer, with four of our partners recommended.
  • Our team provides practical and commercial advice founded on years of experience and technical know-how to technology and digital media companies that need to be alert to the rules and regulations of competition law.
  • Our Corporate Practice has a reputation for delivering sound legal advice, backed up with extensive industry experience and credentials, to get the best results from technology and digital media transactions.
  • In the fast-changing world of employment law our clients need practical, commercial and cost-effective advice. They get this from our team of employment law professionals.
  • Our team of leading IP advisors deliver cost-effective, strategic and commercial advice to ensure that your IP assets are protected and leveraged to add real value to your business.
  • Our litigation practice advises on all aspects of dispute resolution, with a particular focus on ownership, exploitation and infringement of intellectual property rights and commercial disputes in the technology sector.
  • We have an industry-leading reputation for our outsourcing expertise. Our professionals deliver credible legal advice to providers and acquirers of IT and business process outsourcing (BPO) services.
  • We work alongside companies, many with disruptive technologies, that seek funding, as well as with the venture capital firms, institutional investors and corporate ventures that want to invest in exciting business opportunities.
  • Our regulatory specialists work alongside Kemp Little’s corporate and commercial professionals to help meet their compliance obligations.
  • With a service that is commercial and responsive to our clients’ needs, you will find our tax advice easy to understand, cost-effective and geared towards maximising your tax benefits.
  • At Kemp Little, we advise clients in diverse sectors where technology is fundamental to the ongoing success of their businesses.They include companies that provide technology as a service and businesses where the use of technology is key to their business model, enabling them to bring their product or service to market.
  • We bring our commercial understanding of digital business models, our legal expertise and our reputation for delivering high quality, cost-effective services to this dynamic sector.
  • Acting for market leaders and market changers within the media industry, we combine in-depth knowledge of the structural technology that underpins content delivery and the impact of digitisation on the rights of producers and consumers.
  • We understand the risks facing this sector and work with our clients to conquer those challenges. Testimony to our success is the continued growth in our team of professionals and the clients we serve.
  • We advise at the forefront of the technological intersection between life sciences and healthcare. We advise leading technology and data analytics providers, healthcare institutions as well as manufacturers of medical devices, pharmaceuticals and biotechnological products.
  • For clients operating in the online sector, our teams are structured to meet their commercial, financing, M&A, competition and regulatory, employment and intellectual property legal needs.
  • Our focus on technology makes us especially well positioned to give advice on the legal aspects of digital marketing. We advise on high-profile, multi-channel, cross-border cases and on highly complex campaigns.
  • The mobile and telecoms sector is fast changing and hugely dependent on technology advances. We help mobile and wireless and fixed telecoms clients to tackle the legal challenges that this evolving sector presents.
  • Whether ERP, Linux or Windows; software or infrastructure as a service in the cloud, in a virtualised environment, or as a mobile or service-oriented architecture, we have the experience to resolve legal issues across the spectrum of commercial computer platforms.
  • Our clients trust us to apply our solutions and know-how to help them make the best use of technology in structuring deals, mitigating key risks to their businesses and in achieving their commercial objectives.
  • We have extensive experience of advising customers and suppliers in the retail sector on technology development, licensing and supply projects, and in advising on all aspects of procurement and online operations.
  • Our legal professionals work alongside social media providers and users in relation to the commercial, privacy, data, advertising, intellectual property, employment and corporate issues that arise in this dynamic sector.
  • Our years of working alongside diverse software clients have given us an in-depth understanding of the dynamics of the software marketplace, market practice and alternative negotiating strategies.
  • Working with direct providers of travel services, including aggregators, facilitators and suppliers of transport and technology, our team has developed a unique specialist knowledge of the sector
  • Your life as an entrepreneur is full of daily challenges as you seek to grow your business. One of the key strengths of our firm is that we understand these challenges.
  • Kemp Little is trusted by some of the world’s leading luxury brands and some of the most innovative e-commerce retailers changing the face of the industry.
  • HR Bytes is an exclusive, comprehensive, online service that will provide you with a wide range of practical, insightful and current employment law information. HR Bytes members get priority booking for events, key insight and a range of employment materials for free.
  • FlightDeck is our portal designed especially with start-up and emerging technology businesses in mind to help you get your business up and running in the right way. We provide a free pack of all the things no-one tells you and things they don’t give away to get you started.

PSD2 - European Commission adopts Delegated Regulation regarding regulatory technical standards on strong customer authentication and on common and secure open standards of communication

What has happened?

Firms who are within scope of the second Payment Services Directive ((EU) 2015/2366) (“PSD2”) now have – at long last – some clarity around PSD2’s strong customer authentication (“SCA”) requirements, following the European Commission’s adoption on 27 November 2017 of a Delegated Regulation and Annex with regard to the regulatory technical standards (“RTS”) on SCA and common and secure open standards of communication (“CSC”) (C(2017) 7782). 

What are the key points?

The key points relate to continuing access by payment service providers to payment service users’ payment account information held by banks and an optional corporate exemption from certain SCA requirements. 

Some detail

The journey to this point has not been easy and it is not clear whether the final RTS will answer all outstanding questions around SCA. The RTS were drafted initially by the European Banking Authority (“EBA”) further to its mandate under PSD2 to specify the requirements for SCA (under Article 98) and related exemptions, security measures for payment service users’ credentials and CSC for payment service providers. 

The RTS met with initial disapproval from the European Commission, which drafted a letter in May 2017 setting out its intention to make a number of amendments. The most controversial of these was the Commission’s proposed requirement that Account Servicing Payment Service Providers (“ASPSPs”) (banks typically) provide access to the customer interface for Account Information Service Providers (“AISPs”) and Payment Initiation Service Providers (“PISPs”) if the dedicated interface is not available. In other words, screen-scraping would still need to be provided even if a bank’s dedicated interface for AISPS and PISPs fails; this is in order to ensure continuity to payment service users (end customers) of the services provided by AISPs and PISPs. In June 2017, the EBA responded with an Opinion letter, setting out its objections, including its objection to permitting screen-scraping in this way. 

The Commission’s adoption of the RTS includes some substantive amendments reflecting the Commission’s original position. The first is the addition of a further exemption from SCA to cover electronic payment transactions that are performed through dedicated payment processes used by corporates, where the appropriate level of security is achieved through other means than the authentication of a particular individual. This exemption would be subject to the approval of each national competent authority. 

The Commission’s second amendment to the RTS relates to “screen-scraping”. Here, the Commission promotes a compromise position (or perhaps a punt). The Commission maintains that banks should permit a fall-back mechanism if the dedicated interface fails: “it is necessary  to  provide,  subject  to  strict  conditions,  a  fall-back  mechanism  that  will  allow  such  providers  to  use  the  interface  that  the  account  servicing   payment   service   provider   maintains   for   the   identification   of,   and  communication   with,   its  own  payment  service   users.” (C(2017) 7782 final (Recital 24))

Having said that, the Commission has also decided that national competent authorities may exempt banks from being required to provide such a fall-back mechanism, provided the dedicated interface meets certain criteria. In other words, it’s back to the FCA. This means that ASPSPs, AISPs and PISPs could face different SCA requirements depending upon which Member State they are operating in.

What happens next?

Although PSD2 applies from 13 January 2018, the RTS apply 18 months after the date that the Delegated Regulation enters into force, which will be the date of its publication in the Official Journal of the EU. This means that the RTS should apply from around Q3/Q4 2019, assuming the necessary approval by the European Parliament and the Council is granted.

The Commission’s adoption of the RTS has several implications for payment service providers. Payment service providers now know they have until around Q3/Q4 2019 to ensure that their systems comply with the security measures in Articles 65, 67 and 97 of PSD2 (transposed in the UK under Part 7 of the Payment Services Regulations 2017) concerning SCA, bearing in mind that those provisions in Articles 65, 67 and 97 that do not relate to SCA will apply from the implementation of PSD2 13 January 2018. 

Contact our experts for further advice

Jacob Ghanty, Sophie van Wingerden, Chris Hill